feat: add rp.RevokeToken
This commit is contained in:
David Sharnoff
parent
01021e71a0
commit
763d69b4ca
6 changed files with 90 additions and 5 deletions
|
|
@ -4,6 +4,7 @@ import (
|
|||
"context"
|
||||
"encoding/base64"
|
||||
"errors"
|
||||
"fmt"
|
||||
"net/http"
|
||||
"strings"
|
||||
"time"
|
||||
|
|
@ -51,6 +52,9 @@ type RelyingParty interface {
|
|||
// GetEndSessionEndpoint returns the endpoint to sign out on a IDP
|
||||
GetEndSessionEndpoint() string
|
||||
|
||||
// GetRevokeEndpoint returns the endpoint to revoke a specific token
|
||||
// "GetRevokeEndpoint() string" will be added in a future release
|
||||
|
||||
// UserinfoEndpoint returns the userinfo
|
||||
UserinfoEndpoint() string
|
||||
|
||||
|
|
@ -120,6 +124,10 @@ func (rp *relyingParty) GetEndSessionEndpoint() string {
|
|||
return rp.endpoints.EndSessionURL
|
||||
}
|
||||
|
||||
func (rp *relyingParty) GetRevokeEndpoint() string {
|
||||
return rp.endpoints.RevokeURL
|
||||
}
|
||||
|
||||
func (rp *relyingParty) IDTokenVerifier() IDTokenVerifier {
|
||||
if rp.idTokenVerifier == nil {
|
||||
rp.idTokenVerifier = NewIDTokenVerifier(rp.issuer, rp.oauthConfig.ClientID, NewRemoteKeySet(rp.httpClient, rp.endpoints.JKWsURL), rp.verifierOpts...)
|
||||
|
|
@ -490,6 +498,7 @@ type Endpoints struct {
|
|||
UserinfoURL string
|
||||
JKWsURL string
|
||||
EndSessionURL string
|
||||
RevokeURL string
|
||||
}
|
||||
|
||||
func GetEndpoints(discoveryConfig *oidc.DiscoveryConfiguration) Endpoints {
|
||||
|
|
@ -503,6 +512,7 @@ func GetEndpoints(discoveryConfig *oidc.DiscoveryConfiguration) Endpoints {
|
|||
UserinfoURL: discoveryConfig.UserinfoEndpoint,
|
||||
JKWsURL: discoveryConfig.JwksURI,
|
||||
EndSessionURL: discoveryConfig.EndSessionEndpoint,
|
||||
RevokeURL: discoveryConfig.RevocationEndpoint,
|
||||
}
|
||||
}
|
||||
|
||||
|
|
@ -573,3 +583,21 @@ func RefreshAccessToken(rp RelyingParty, refreshToken, clientAssertion, clientAs
|
|||
}
|
||||
return client.CallTokenEndpoint(request, tokenEndpointCaller{RelyingParty: rp})
|
||||
}
|
||||
|
||||
// RevokeToken requires a RelyingParty that is also a client.RevokeCaller. The RelyingParty
|
||||
// returned by NewRelyingPartyOIDC() meets that criteria, but the one returned by
|
||||
// NewRelyingPartyOAuth() does not.
|
||||
//
|
||||
// tokenTypeHint should be either "id_token" or "refresh_token".
|
||||
func RevokeToken(rp RelyingParty, token string, tokenTypeHint string) error {
|
||||
request := client.RevokeRequest{
|
||||
Token: token,
|
||||
TokenTypeHint: tokenTypeHint,
|
||||
ClientID: rp.OAuthConfig().ClientID,
|
||||
ClientSecret: rp.OAuthConfig().ClientSecret,
|
||||
}
|
||||
if rc, ok := rp.(client.RevokeCaller); ok && rc.GetRevokeEndpoint() != "" {
|
||||
return client.CallRevokeEndpoint(request, nil, rc)
|
||||
}
|
||||
return fmt.Errorf("RelyingParty does not support RevokeCaller")
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue